TxRay: Agentic Postmortem of Live Blockchain Attacks
- URL: http://arxiv.org/abs/2602.01317v4
- Date: Mon, 09 Feb 2026 11:12:45 GMT
- Title: TxRay: Agentic Postmortem of Live Blockchain Attacks
- Authors: Ziyue Wang, Jiangshan Yu, Kaihua Qin, Dawn Song, Arthur Gervais, Liyi Zhou,
- Abstract summary: Within five years, the DeFi ecosystem has lost over 15.75B USD to reported exploits.<n>We present TxRay, a postmortem system that reconstructs live ACT attacks from limited evidence.<n>On 114 incidents from DeFiHackLabs, TxRay produces an expert-aligned root cause and an executable PoC for 105 incidents, achieving 92.11% end-to-end reproduction.
- Score: 52.658018348998105
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Decentralized Finance (DeFi) has turned blockchains into financial infrastructure, allowing anyone to trade, lend, and build protocols without intermediaries, but this openness exposes pools of value controlled by code. Within five years, the DeFi ecosystem has lost over 15.75B USD to reported exploits. Many exploits arise from permissionless opportunities that any participant can trigger using only public state and standard interfaces, which we call Anyone-Can-Take (ACT) opportunities. Despite on-chain transparency, postmortem analysis remains slow and manual: investigations start from limited evidence, sometimes only a single transaction hash, and must reconstruct the exploit lifecycle by recovering related transactions, contract code, and state dependencies. We present TxRay, a Large Language Model (LLM) agentic postmortem system that uses tool calls to reconstruct live ACT attacks from limited evidence. Starting from one or more seed transactions, TxRay recovers the exploit lifecycle, derives an evidence-backed root cause, and generates a runnable, self-contained Proof of Concept (PoC) that deterministically reproduces the incident. TxRay self-checks postmortems by encoding incident-specific semantic oracles as executable assertions. To evaluate PoC correctness and quality, we develop PoCEvaluator, an independent agentic execution-and-review evaluator. On 114 incidents from DeFiHackLabs, TxRay produces an expert-aligned root cause and an executable PoC for 105 incidents, achieving 92.11% end-to-end reproduction. Under PoCEvaluator, 98.1% of TxRay PoCs avoid hard-coding attacker addresses, a +22.9pp lift over DeFiHackLabs. In a live deployment, TxRay delivers validated root causes in 40 minutes and PoCs in 59 minutes at median latency. TxRay's oracle-validated PoCs enable attack imitation, improving coverage by 15.6% and 65.5% over STING and APE.
Related papers
- Security Risks of AI Agents Hiring Humans: An Empirical Marketplace Study [0.0]
We analyze 303 bounties from RENTAHUMAN.AI, a marketplace where agents post tasks and manage payments.<n>We find that 99 bounties (32.7%), originate from programmatic channels (API or MCP)<n>We identify six active abuse classes: credential fraud, identity impersonation, automated reconnaissance, social media manipulation, authentication, circumvention, and referral fraud, all purchasable for a median of $25 per worker.
arXiv Detail & Related papers (2026-02-23T05:08:27Z) - Anchored Decoding: Provably Reducing Copyright Risk for Any Language Model [99.16364381244445]
Modern language models (LMs) tend to memorize portions of their training data and emit verbatim spans.<n>We propose Anchored Decoding, a plug-and-play inference-time method for suppressing verbatim copying.<n>We evaluate our methods across six model pairs on long-form evaluations of copyright risk and utility.
arXiv Detail & Related papers (2026-02-06T19:00:14Z) - OpenSec: Measuring Incident Response Agent Calibration Under Adversarial Evidence [0.0]
We introduce OpenSec, a dual-control reinforcement learning environment that evaluates defensive incident response agents.<n>Unlike static capability benchmarks, OpenSec scores world-state-changing containment actions under adversarial evidence.<n>We find consistent over-triggering in this setting: GPT-5.2, Gemini 3, and DeepSeek execute containment in 100% of episodes with 90-97% false positive rates.
arXiv Detail & Related papers (2026-01-28T22:12:54Z) - From Transactions to Exploits: Automated PoC Synthesis for Real-World DeFi Attacks [15.23851315830671]
We present the first automated framework for verifiable proofs-of-concept (PoCs) directly from on-chain attack executions.<n>TracExp localizes attack-relevant execution contexts from noisy, multi-contract traces.<n>We evaluate TracExp on 321 real-world attacks over the past 20 months.
arXiv Detail & Related papers (2026-01-23T11:52:50Z) - Can We Predict Before Executing Machine Learning Agents? [74.39460101251792]
We formalize the task of Data-centric Solution Preference and construct a comprehensive corpus of 18,438 pairwise comparisons.<n>We demonstrate that LLMs exhibit significant predictive capabilities when primed with a Verified Data Analysis Report.<n>We instantiate this framework in FOREAGENT, an agent that employs a Predict-then-Verify loop, achieving a 6x acceleration in convergence while surpassing execution-based baselines by +6%.
arXiv Detail & Related papers (2026-01-09T16:44:17Z) - V-ZOR: Enabling Verifiable Cross-Blockchain Communication via Quantum-Driven ZKP Oracle Relays [0.42164623134161255]
Cross-chain bridges and oracles represent some of the most vulnerable components of decentralized systems.<n>We propose V-ZOR, a verifiable oracle relay that integrates zero-knowledge, quantum-grade proofs, and cross-chain restaking.
arXiv Detail & Related papers (2025-09-13T22:34:59Z) - Decompiling Smart Contracts with a Large Language Model [51.49197239479266]
Despite Etherscan's 78,047,845 smart contracts deployed on (as of May 26, 2025), a mere 767,520 ( 1%) are open source.<n>This opacity necessitates the automated semantic analysis of on-chain smart contract bytecode.<n>We introduce a pioneering decompilation pipeline that transforms bytecode into human-readable and semantically faithful Solidity code.
arXiv Detail & Related papers (2025-06-24T13:42:59Z) - ME: Trigger Element Combination Backdoor Attack on Copyright Infringement [76.0062084678398]
SilentBadDiffusion (SBD) is a method proposed recently, which shew outstanding performance in attacking SD in text-to-image tasks.<n>In this paper, we raised new datasets accessible for researching in attacks like SBD, and proposed Multi-Element (ME) attack method based on SBD.<n>The Copyright Infringement Rate (CIR) / First Attack Epoch (FAE) we got on the two new datasets were 16.78% / 39.50 and 51.20% / 23.60, respectively close to or even outperformed benchmark Pokemon and Mijourney datasets.
arXiv Detail & Related papers (2025-06-12T14:51:27Z) - Model Supply Chain Poisoning: Backdooring Pre-trained Models via Embedding Indistinguishability [61.549465258257115]
We propose a novel and severer backdoor attack, TransTroj, which enables the backdoors embedded in PTMs to efficiently transfer in the model supply chain.<n> Experimental results show that our method significantly outperforms SOTA task-agnostic backdoor attacks.
arXiv Detail & Related papers (2024-01-29T04:35:48Z) - CFT-Forensics: High-Performance Byzantine Accountability for Crash Fault Tolerant Protocols [14.503216369017762]
Crash fault tolerant (CFT) consensus algorithms are commonly used in scenarios where system components are trusted.
We propose CFT-Forensics, an accountability framework for CFT protocols.
arXiv Detail & Related papers (2023-05-16T03:09:26Z) - Blockchain Large Language Models [65.7726590159576]
This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions.
The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
arXiv Detail & Related papers (2023-04-25T11:56:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.